tag:github.com,2008:https://github.com/ReaJason/MemShellParty/releases 2026-02-08T12:53:50Z tag:github.com,2008:Repository/850550932/v2.6.0 2026-02-09T08:34:04Z <h3>Added</h3> <ol> <li>为 ByteBuddyGenerator 添加 postProcessBytes 模板方法，支持生成后对 shell bytes 进行操作</li> <li>支持 Resin 2.1.17 Agent 内存马的生成</li> <li>同步更新 Suo5V2 v2.1.0 修复逻辑（<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3885100680" data-permission-text="Title is private" data-url="https://github.com/ReaJason/MemShellParty/issues/135" data-hovercard-type="pull_request" data-hovercard-url="/ReaJason/MemShellParty/pull/135/hovercard" href="https://github.com/ReaJason/MemShellParty/pull/135">#135</a> By <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/zema1/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/zema1">@zema1</a>）</li> </ol> <h3>Fixed</h3> <ol> <li>(UI)修复生成按钮防连点失效（By <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/ReaJason/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/ReaJason">@ReaJason</a>）</li> <li>修复 ServletRenameVisitorWrapper 可能会导致部分 ByteBuddy Advisor 方法选中失效</li> <li>去除 JSP 脚本中 <code>Class&lt;?&gt;</code> 泛型，改为 <code>Class</code>，修复低版本 Servlet 容器解析失败</li> </ol> <h3>Changed</h3> <ol> <li>Suo5V2 抽取 Loader 进行 Suo5V2 的核心代码加载，增加可维护性（<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3885126162" data-permission-text="Title is private" data-url="https://github.com/ReaJason/MemShellParty/issues/136" data-hovercard-type="issue" data-hovercard-url="/ReaJason/MemShellParty/issues/136/hovercard" href="https://github.com/ReaJason/MemShellParty/issues/136">#136</a>）</li> <li>依赖更新</li> </ol> <p><strong>Full Changelog:</strong> <a href="https://github.com/ReaJason/MemShellParty/compare/v2.5.0...v2.6.0">v2.5.0...v2.6.0</a></p> <h2>更新方式</h2> <h3>Docker 部署</h3> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="docker rm -f memshell-party docker run --pull=always --rm -it -d -p 8080:8080 --name memshell-party reajason/memshell-party:latest"><pre>docker rm -f memshell-party docker run --pull=always --rm -it -d -p 8080:8080 --name memshell-party reajason/memshell-party:latest</pre></div> <h3>Jar 包启动</h3> <blockquote> <p>仅支持 JDK17 及以上版本</p> </blockquote> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="java -jar --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime=ALL-UNNAMED boot-2.6.0.jar"><pre>java -jar --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime=ALL-UNNAMED boot-2.6.0.jar</pre></div> github-actions[bot] tag:github.com,2008:Repository/850550932/v2.5.0 2026-01-18T16:35:20Z <h3>Added</h3> <ol> <li>添加 WebSocket BypassNginx 实现，使用方式见文档（By <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/ReaJason/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/ReaJason">@ReaJason</a>）</li> <li>添加 WebSocket Proxy 实现，使用方式见文档（<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3743590380" data-permission-text="Title is private" data-url="https://github.com/ReaJason/MemShellParty/issues/126" data-hovercard-type="issue" data-hovercard-url="/ReaJason/MemShellParty/issues/126/hovercard" href="https://github.com/ReaJason/MemShellParty/issues/126">#126</a>，Thanks <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/xiaoxiaoranxxx/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/xiaoxiaoranxxx">@xiaoxiaoranxxx</a>）</li> <li>添加 JSP/JSPX Unicode 打包方式（<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3702213437" data-permission-text="Title is private" data-url="https://github.com/ReaJason/MemShellParty/issues/116" data-hovercard-type="issue" data-hovercard-url="/ReaJason/MemShellParty/issues/116/hovercard" href="https://github.com/ReaJason/MemShellParty/issues/116">#116</a> Thanks <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/Ch1ngg/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/Ch1ngg">@Ch1ngg</a>）</li> <li>(UI)添加目标 JRE 版本的选择，防止部分情况下无法使用 JDK8 API（<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3800941230" data-permission-text="Title is private" data-url="https://github.com/ReaJason/MemShellParty/issues/131" data-hovercard-type="issue" data-hovercard-url="/ReaJason/MemShellParty/issues/131/hovercard" href="https://github.com/ReaJason/MemShellParty/issues/131">#131</a> Thanks <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/LTP414/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/LTP414">@LTP414</a>）</li> </ol> <h3>Fixed</h3> <ol> <li>修复自定义内存马 Agent 型无法显式调用 Jakarta API（<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3800941230" data-permission-text="Title is private" data-url="https://github.com/ReaJason/MemShellParty/issues/131" data-hovercard-type="issue" data-hovercard-url="/ReaJason/MemShellParty/issues/131/hovercard" href="https://github.com/ReaJason/MemShellParty/issues/131">#131</a> Thanks <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/LTP414/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/LTP414">@LTP414</a>）</li> <li>(UI)修复自定义内存马文件上传框中文字不居中</li> </ol> <h3>Changed</h3> <ol> <li>调整哥斯拉 WebSocket 马使用 <strong>AES_RAW</strong> 同时支持 GitHub 插件和特战版都可连接，使用方式见文档</li> <li>重构 MemShell 和 ProbeShell 集成测试用例，减少代码量</li> <li>支持 Spring 相关集成测试用例调用远程 docker 完成测试（目前所有集成测试用例可支持在远程 docker 执行）<a href="https://java.testcontainers.org/features/configuration/#customizing-docker-host-detection" rel="nofollow">customizing-docker-host-detection</a></li> <li>配置 Gradle 构建打包自动发布至 Maven Central(不需要额外去网页手动点 Publish)</li> <li>重命名仓库中 asserts -&gt; assets</li> <li>依赖更新</li> </ol> <p><strong>Full Changelog:</strong> <a href="https://github.com/ReaJason/MemShellParty/compare/v2.4.2...v2.5.0">v2.4.2...v2.5.0</a></p> <h2>更新方式</h2> <h3>Docker 部署</h3> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="docker rm -f memshell-party docker run --pull=always --rm -it -d -p 8080:8080 --name memshell-party reajason/memshell-party:latest"><pre>docker rm -f memshell-party docker run --pull=always --rm -it -d -p 8080:8080 --name memshell-party reajason/memshell-party:latest</pre></div> <h3>Jar 包启动</h3> <blockquote> <p>仅支持 JDK17 及以上版本</p> </blockquote> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="java -jar --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime=ALL-UNNAMED boot-2.5.0.jar"><pre>java -jar --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime=ALL-UNNAMED boot-2.5.0.jar</pre></div> github-actions[bot] tag:github.com,2008:Repository/850550932/v2.4.2 2026-01-11T18:34:06Z <h3>Added</h3> <ol> <li>新增对 WebSphere open-liberty 的内存马注入以及回显马（By <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/ReaJason/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/ReaJason">@ReaJason</a>）</li> <li>添加 libs 子模块，存放部分中间件源码包方便进行代码编写和调试以及便于编写后续源码分析文档</li> <li>支持 Filter 调序为第一个，解决部分鉴权 Filter 的连接干扰</li> <li>新增回显马可回显 Filter 列表</li> <li>目标服务文档填写适配表格，展示各版本该如何选取对应内存马挂载类型，<a href="https://dev-party.mem.mk/ui/docs/server-intro" rel="nofollow">https://dev-party.mem.mk/ui/docs/server-intro</a></li> <li>添加文档 tree 结构，欢迎一起完善文档</li> </ol> <h3>Fixed</h3> <ol> <li>修复注入器上下文获取失败时不会正确打印 <code>context not found</code></li> <li>修复文档页直接点击子菜单时 502 无法正确显示</li> <li>修复 web 前端项目无法在 Windows 环境正确编译（Thanks <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/kN6jq/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/kN6jq">@kN6jq</a>）</li> <li>修复 Jetty 回显马，直接使用 Request 和 Callback 导致部分环境 ClassNotFound 问题（改用反射调用）</li> </ol> <h3>Changed</h3> <ol> <li>调整 testcontainer 获取 host 的处理，支持使用远程 docker 环境完成测试</li> <li>简化 WebLogic context 获取代码，改为从 JMX 中获取</li> <li>依赖更新</li> </ol> <p><strong>Full Changelog:</strong> <a href="https://github.com/ReaJason/MemShellParty/compare/v2.4.1...v2.4.2">v2.4.1...v2.4.2</a></p> <h2>更新方式</h2> <h3>Docker 部署</h3> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="docker rm -f memshell-party docker run --pull=always --rm -it -d -p 8080:8080 --name memshell-party reajason/memshell-party:latest"><pre>docker rm -f memshell-party docker run --pull=always --rm -it -d -p 8080:8080 --name memshell-party reajason/memshell-party:latest</pre></div> <h3>Jar 包启动</h3> <blockquote> <p>仅支持 JDK17 及以上版本</p> </blockquote> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="java -jar --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime=ALL-UNNAMED boot-2.4.2.jar"><pre>java -jar --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime=ALL-UNNAMED boot-2.4.2.jar</pre></div> github-actions[bot] tag:github.com,2008:Repository/850550932/v2.4.1 2025-12-16T14:15:24Z <h3>Fixed</h3> <ol> <li>修复 Suo5v2、Godzilla、Command Listener 等无法中断请求的场景下未 close 响应流导致连接失败 (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3718293000" data-permission-text="Title is private" data-url="https://github.com/ReaJason/MemShellParty/issues/120" data-hovercard-type="issue" data-hovercard-url="/ReaJason/MemShellParty/issues/120/hovercard" href="https://github.com/ReaJason/MemShellParty/issues/120">#120</a> By <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/ReaJason/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/ReaJason">@ReaJason</a>, <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/zema1/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/zema1">@zema1</a> Thanks <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/whwlsfb/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/whwlsfb">@whwlsfb</a>)</li> <li>修复非调试模式下，throwable.printStackTrace 未被正确移除</li> <li>修复 responseBody 回显马如果业务优先触发 getOutputStream 或 getWriter 导致回显失败（<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3721572756" data-permission-text="Title is private" data-url="https://github.com/ReaJason/MemShellParty/issues/122" data-hovercard-type="issue" data-hovercard-url="/ReaJason/MemShellParty/issues/122/hovercard" href="https://github.com/ReaJason/MemShellParty/issues/122">#122</a> Thanks <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/localurk/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/localurk">@localurk</a>）</li> <li>修复某软新版获取不到 context 导致 Tomcat 内存马无法注入的问题（Thanks <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/unam4/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/unam4">@unam4</a>）</li> </ol> <h3>Changed</h3> <ol> <li>generator 模块去除 bcel 依赖，简化 jackson 依赖</li> <li>UI 添加 tooltip 简易描述方便使用，并优化部分布局细节</li> <li>UI 迁移 radix-ui 至 base-ui</li> <li>文档更新、依赖更新</li> </ol> <p><strong>Full Changelog:</strong> <a href="https://github.com/ReaJason/MemShellParty/compare/v2.4.0...v2.4.1">v2.4.0...v2.4.1</a></p> <h2>更新方式</h2> <h3>Docker 部署</h3> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="docker rm -f memshell-party docker run --pull=always --rm -it -d -p 8080:8080 --name memshell-party reajason/memshell-party:latest"><pre>docker rm -f memshell-party docker run --pull=always --rm -it -d -p 8080:8080 --name memshell-party reajason/memshell-party:latest</pre></div> <h3>Jar 包启动</h3> <blockquote> <p>仅支持 JDK17 及以上版本</p> </blockquote> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="java -jar --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime=ALL-UNNAMED boot-2.4.1.jar"><pre>java -jar --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime=ALL-UNNAMED boot-2.4.1.jar</pre></div> github-actions[bot] tag:github.com,2008:Repository/850550932/v2.4.0 2025-12-09T18:26:32Z <h3>Added</h3> <ol> <li>支持 Suo5 V2 版本内存马生成（<a href="https://github.com/ReaJason/MemShellParty/issues/118" data-hovercard-type="issue" data-hovercard-url="/ReaJason/MemShellParty/issues/118/hovercard">#118</a> By <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/ReaJason/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/ReaJason">@ReaJason</a> Thanks <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/zema1/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/zema1">@zema1</a>）</li> <li>支持 Struct2 Action 内存马与回显马生成</li> </ol> <h3>Changed</h3> <ol> <li>ui 探测马生成去除 jar 相关打包方式</li> </ol> <p><strong>Full Changelog:</strong> <a href="https://github.com/ReaJason/MemShellParty/compare/v2.3.0...v2.4.0">v2.3.0...v2.4.0</a></p> <h2>更新方式</h2> <h3>Docker 部署</h3> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="docker rm -f memshell-party docker run --pull=always --rm -it -d -p 8080:8080 --name memshell-party reajason/memshell-party:latest"><pre>docker rm -f memshell-party docker run --pull=always --rm -it -d -p 8080:8080 --name memshell-party reajason/memshell-party:latest</pre></div> <h3>Jar 包启动</h3> <blockquote> <p>仅支持 JDK17 及以上版本</p> </blockquote> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="java -jar --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime=ALL-UNNAMED boot-2.4.0.jar"><pre>java -jar --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime=ALL-UNNAMED boot-2.4.0.jar</pre></div> github-actions[bot] tag:github.com,2008:Repository/850550932/v2.3.0 2025-12-07T18:44:36Z <h3>Added</h3> <ol> <li>支持 Jetty Handler 与 Customizer 内存马生成（By <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/ReaJason/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/ReaJason">@ReaJason</a>）</li> <li>支持 Jetty ee8~ee11 的回显马（无法从 post urlencoded 中获取 parameter，请从 url queryParam 或 header 传入参数）</li> <li><strong>内存马生成支持回显模式对接回显马</strong></li> <li>支持 Tomcat Upgrade 内存马注入（仅 Tomcat8+ 可用）</li> <li>支持添加 lambda 类名后缀开关（<a href="https://github.com/ReaJason/MemShellParty/issues/97" data-hovercard-type="issue" data-hovercard-url="/ReaJason/MemShellParty/issues/97/hovercard">#97</a>）</li> <li>命令执行内存马与回显马支持自定义命令模板（<a href="https://github.com/ReaJason/MemShellParty/issues/115" data-hovercard-type="issue" data-hovercard-url="/ReaJason/MemShellParty/issues/115/hovercard">#115</a> Thanks <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/ViCrack/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/ViCrack">@ViCrack</a>）</li> <li>添加 ScriptEngine 绕过 Java 模块限制生成以及支持 H2URLPacker（metabase 漏洞测试）</li> <li>web 模块添加 <a href="https://fumadocs.dev/" rel="nofollow">fumadocs</a> 框架，支持文档编写</li> <li>回显马运行字节码时支持 base64 和 gzipBase64 字节码传入</li> <li>支持 GroovyTransformJar 打包方式（fastjson 漏洞注入 <a href="https://github.com/ReaJason/MemShellParty/issues/112" data-hovercard-type="issue" data-hovercard-url="/ReaJason/MemShellParty/issues/112/hovercard">#112</a> Thanks <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/DongHuangT1/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/DongHuangT1">@DongHuangT1</a>）</li> <li>回显马参数名称支持默认随机生成</li> </ol> <h3>Changed</h3> <ol> <li>由于 jetty handler 依赖的类干扰，boot 容器从 jetty 改为 undertow</li> <li>注入器和回显马添加 ok 标识仅运行一次，降低代码运行时间</li> </ol> <p><strong>Full Changelog:</strong> <a href="https://github.com/ReaJason/MemShellParty/compare/v2.2.0...v2.3.0">v2.2.0...v2.3.0</a></p> <h2>更新方式</h2> <h3>Docker 部署</h3> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="docker rm -f memshell-party docker run --pull=always --rm -it -d -p 8080:8080 --name memshell-party reajason/memshell-party:latest"><pre>docker rm -f memshell-party docker run --pull=always --rm -it -d -p 8080:8080 --name memshell-party reajason/memshell-party:latest</pre></div> <h3>Jar 包启动</h3> <blockquote> <p>仅支持 JDK17 及以上版本</p> </blockquote> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="java -jar --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime=ALL-UNNAMED boot-2.3.0.jar"><pre>java -jar --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime=ALL-UNNAMED boot-2.3.0.jar</pre></div> github-actions[bot] tag:github.com,2008:Repository/850550932/v2.2.0 2025-11-19T18:33:27Z <h3>Added</h3> <ol> <li>内存马注入器支持接入回显 toString 打印 contextPath 等注入成功或错误信息（By <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/ReaJason/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/ReaJason">@ReaJason</a>）</li> <li>boot 新增通过字节码 base64 获取类名接口，并支持自定义内存马使用随机类名或原始类名</li> <li>适配 Apusic 9.0.1 版本（金蝶 EAS Cloud）</li> <li>UI 在 JSP/Base64/序列化相关 payload 生成时添加下载按钮便于下载 JSP 文件/注入器 Class 文件/原始序列化文件</li> <li>支持注入器或回显马添加静态代码块执行构造方法调用，解决部分场景下无法手动调用构造方法</li> <li>支持 SpringWebMVC 回显马生成（<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3610356702" data-permission-text="Title is private" data-url="https://github.com/ReaJason/MemShellParty/issues/107" data-hovercard-type="issue" data-hovercard-url="/ReaJason/MemShellParty/issues/107/hovercard" href="https://github.com/ReaJason/MemShellParty/issues/107">#107</a>）</li> <li>添加 Jetty 12 中 ee11 的内存马注入支持和靶场测试用例</li> <li>支持 ScriptEngineJar 打包方式（SnakeYaml 漏洞注入，<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3629839845" data-permission-text="Title is private" data-url="https://github.com/ReaJason/MemShellParty/issues/109" data-hovercard-type="issue" data-hovercard-url="/ReaJason/MemShellParty/issues/109/hovercard" href="https://github.com/ReaJason/MemShellParty/issues/109">#109</a>）</li> <li>支持 AbstractTranslet 打包方式，方便 TemplatesImpl 反序列化漏洞注入</li> <li>支持脚本引擎执行回显马生成，方便调试</li> </ol> <h3>Fixed</h3> <ol> <li>修复自定义内存马生成报错（<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3434179517" data-permission-text="Title is private" data-url="https://github.com/ReaJason/MemShellParty/issues/102" data-hovercard-type="issue" data-hovercard-url="/ReaJason/MemShellParty/issues/102/hovercard" href="https://github.com/ReaJason/MemShellParty/issues/102">#102</a>、<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3584651402" data-permission-text="Title is private" data-url="https://github.com/ReaJason/MemShellParty/issues/106" data-hovercard-type="issue" data-hovercard-url="/ReaJason/MemShellParty/issues/106/hovercard" href="https://github.com/ReaJason/MemShellParty/issues/106">#106</a>，Thanks <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/love71/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/love71">@love71</a> and <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/m0s30/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/m0s30">@m0s30</a>）</li> <li>修复 Tomcat Valve 仅单个情况下注入 ProxyValve 导致站挂掉（<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3507077130" data-permission-text="Title is private" data-url="https://github.com/ReaJason/MemShellParty/issues/105" data-hovercard-type="issue" data-hovercard-url="/ReaJason/MemShellParty/issues/105/hovercard" href="https://github.com/ReaJason/MemShellParty/issues/105">#105</a> Thanks <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/love71/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/love71">@love71</a>）</li> <li>默认哥斯拉内存马去除对 session 的依赖，解决部分场景下 session 为 null 导致无法连接</li> </ol> <h3>Changed</h3> <ol> <li>命令执行内存马和命令执行回显马支持从参数或请求头中获取命令参数</li> <li>调整靶场构建使用的 openjdk 改为 eclipse-temurin</li> <li>依赖更新</li> </ol> <p><strong>Full Changelog:</strong> <a href="https://github.com/ReaJason/MemShellParty/compare/v2.1.0...v2.2.0">v2.1.0...v2.2.0</a></p> <h2>更新方式</h2> <h3>Docker 部署</h3> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="docker rm -f memshell-party docker run --pull=always --rm -it -d -p 8080:8080 --name memshell-party reajason/memshell-party:latest"><pre>docker rm -f memshell-party docker run --pull=always --rm -it -d -p 8080:8080 --name memshell-party reajason/memshell-party:latest</pre></div> <h3>Jar 包启动</h3> <blockquote> <p>仅支持 JDK17 及以上版本</p> </blockquote> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="java -jar --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime=ALL-UNNAMED boot-2.2.0.jar"><pre>java -jar --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime=ALL-UNNAMED boot-2.2.0.jar</pre></div> github-actions[bot] tag:github.com,2008:Repository/850550932/v2.1.0 2025-09-13T01:12:20Z <h3>Added</h3> <ol> <li>添加 BigInteger、ScriptEngineBigInteger 打包方式（<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3350272105" data-permission-text="Title is private" data-url="https://github.com/ReaJason/MemShellParty/issues/86" data-hovercard-type="issue" data-hovercard-url="/ReaJason/MemShellParty/issues/86/hovercard" href="https://github.com/ReaJason/MemShellParty/issues/86">#86</a> by @wanswu）</li> <li>添加 SpELSpringGzipJDK17 打包方式（<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3345014534" data-permission-text="Title is private" data-url="https://github.com/ReaJason/MemShellParty/issues/83" data-hovercard-type="issue" data-hovercard-url="/ReaJason/MemShellParty/issues/83/hovercard" href="https://github.com/ReaJason/MemShellParty/issues/83">#83</a> by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/xcxmiku/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/xcxmiku">@xcxmiku</a> and <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/ReaJason/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/ReaJason">@ReaJason</a>）</li> <li>添加 JXPathSpringGzipPacker、JXPathSpringGzipPackerJDK17 打包方式（GeoServer 漏洞注入）</li> <li>添加 Base64URLEncoded 打包方式（配合回显马进行小马拉大马测试）</li> <li>支持回显马在进行自定义字节码执行时去除 Java 魔数流量特征 <div class="snippet-clipboard-content notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="/path/code?payload=yv66vgAAADIBVQEAJ29yZy9hcGFj..."><pre lang="text" class="notranslate"><code>/path/code?payload=yv66vgAAADIBVQEAJ29yZy9hcGFj... </code></pre></div> 改为只需要如下方式 <div class="snippet-clipboard-content notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="/path/code?payload=IBVQEAJ29yZy9hcGFj..."><pre lang="text" class="notranslate"><code>/path/code?payload=IBVQEAJ29yZy9hcGFj... </code></pre></div> </li> </ol> <h3>Fixed</h3> <ol> <li>修复非调试模式下，构造方法中的 e.printStackTrace() 并没有被移除</li> <li>修复使用 Dockerfile 进行自定义构建时，自定义路由无法正常工作</li> <li>修复探测内存马中 Sleep 和 DNSLog 自定义类名失效（<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3354920361" data-permission-text="Title is private" data-url="https://github.com/ReaJason/MemShellParty/issues/89" data-hovercard-type="issue" data-hovercard-url="/ReaJason/MemShellParty/issues/89/hovercard" href="https://github.com/ReaJason/MemShellParty/issues/89">#89</a> Thanks <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/yinsel/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/yinsel">@yinsel</a>）</li> <li>修复自定义内存马中，不会自动调用 listener 添加 getResponseFromRequest 实现代码和 valve 修改包名的逻辑（使用自定义内存马请参考：<a href="/ReaJason/MemShellParty/blob/v2.1.0/docs/WriteCustomShell.md">如何使用自定义内存马功能</a> 进行实现，否则会出现不可用的问题）</li> <li>修复使用 SDK 时，Agent Packer 在 jar-with-dependencies(fatjar) 中会出现打包整个 jar 的问题</li> <li>修复 Tomcat Listener 注入会使之前所有 Listener 失效（<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3359901480" data-permission-text="Title is private" data-url="https://github.com/ReaJason/MemShellParty/issues/93" data-hovercard-type="issue" data-hovercard-url="/ReaJason/MemShellParty/issues/93/hovercard" href="https://github.com/ReaJason/MemShellParty/issues/93">#93</a>）</li> </ol> <h3>Changed</h3> <ol> <li>修改 Packer 中对于 Thread.currentThread().getContextClassLoader() 的纯依赖改为新建 URLClassLoader，使得回显马可多次执行</li> <li>去除 logback（java11）和 okhttp 无用依赖，解决使用 SDK 打包部分场景会出现类版本不支持的问题</li> <li>实现 Lombok SuperBuilder 自定义 Builder 简化配置类的创建代码（#9f8f3baa）</li> <li>优化命令执行内存马，改为和回显马逻辑一致，使用 ProcessBuilder.redirectErrorStream 简化流读取</li> <li>修改 packer 中脚本存放添加 memshell-party 一级，防止打包成 fatjar 时文件全在根目录，可能会被覆盖导致功能破坏</li> <li>优化资源读取，通过工具类 loadTemplateFromResource 统一实现</li> <li>优化 Agent Attacher JDK11 异常处理</li> <li>依赖更新</li> </ol> <p><strong>Full Changelog:</strong> <a href="https://github.com/ReaJason/MemShellParty/compare/v2.0.0...v2.1.0">v2.0.0...v2.1.0</a></p> <h2>更新方式</h2> <h3>Docker 部署</h3> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="docker rm -f memshell-party docker run --pull=always --rm -it -d -p 8080:8080 --name memshell-party reajason/memshell-party:latest"><pre>docker rm -f memshell-party docker run --pull=always --rm -it -d -p 8080:8080 --name memshell-party reajason/memshell-party:latest</pre></div> <h3>Jar 包启动</h3> <blockquote> <p>仅支持 JDK17 及以上版本</p> </blockquote> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="java -jar --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime=ALL-UNNAMED boot-2.1.0.jar"><pre>java -jar --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime=ALL-UNNAMED boot-2.1.0.jar</pre></div> github-actions[bot] tag:github.com,2008:Repository/850550932/v2.0.0 2025-08-13T16:22:11Z <div class="markdown-alert markdown-alert-warning"><p class="markdown-alert-title"><svg class="octicon octicon-alert mr-2" viewBox="0 0 16 16" version="1.1" width="16" height="16" aria-hidden="true"><path d="M6.457 1.047c.659-1.234 2.427-1.234 3.086 0l6.082 11.378A1.75 1.75 0 0 1 14.082 15H1.918a1.75 1.75 0 0 1-1.543-2.575Zm1.763.707a.25.25 0 0 0-.44 0L1.698 13.132a.25.25 0 0 0 .22.368h12.164a.25.25 0 0 0 .22-.368Zm.53 3.996v2.5a.75.75 0 0 1-1.5 0v-2.5a.75.75 0 0 1 1.5 0ZM9 11a1 1 0 1 1-2 0 1 1 0 0 1 2 0Z"></path></svg>Warning</p><p>为了区分内存马和探测马，部分类名和接口做了调整，如果使用了 SDK，需要参考：<a href="https://github.com/ReaJason/MemShellParty/tree/master/examples/memshell-party-maven-example">examples/memshell-party-maven-example</a> 进行调整。</p> </div> <h3>Added</h3> <ul> <li><strong>支持探测马生成</strong> (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3157351709" data-permission-text="Title is private" data-url="https://github.com/ReaJason/MemShellParty/issues/71" data-hovercard-type="issue" data-hovercard-url="/ReaJason/MemShellParty/issues/71/hovercard" href="https://github.com/ReaJason/MemShellParty/issues/71">#71</a> by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/ReaJason/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/ReaJason">@ReaJason</a>，部分代码参考 jeg 与 java-chains)</li> <li>Web 添加关于页面</li> <li>支持 H2 JDBC 打包方式（DataEase 漏洞注入）</li> <li>支持 XMLDecoder 打包方式（WebLogic 漏洞注入）</li> <li>支持 OGNL SpringUtils 打包方式（Confluence 漏洞注入）</li> </ul> <h3>Fixed</h3> <ul> <li>修复 SpringWebMVC Agent 无法点击生成按钮 (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3265753653" data-permission-text="Title is private" data-url="https://github.com/ReaJason/MemShellParty/issues/77" data-hovercard-type="issue" data-hovercard-url="/ReaJason/MemShellParty/issues/77/hovercard" href="https://github.com/ReaJason/MemShellParty/issues/77">#77</a>)</li> <li>修复 Spring Boot 对于 no static resource 老是抛出错误日志</li> <li>修复 TongWeb8 context 获取错误导致注入失败的问题</li> </ul> <h3>Changed</h3> <ul> <li><strong>简化 Server 类型选择，例如 JBossEAP7 和 WildFly 选择 Undertow</strong> (<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3234249269" data-permission-text="Title is private" data-url="https://github.com/ReaJason/MemShellParty/issues/74" data-hovercard-type="issue" data-hovercard-url="/ReaJason/MemShellParty/issues/74/hovercard" href="https://github.com/ReaJason/MemShellParty/issues/74">#74</a> by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/zema1/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/zema1">@zema1</a>)</li> <li><strong>去除注入器中静态代码块调用构造方法，减少注入动作的触发</strong>（可能会导致部分 <code>Class.forName("name", true, loader)</code> 的场景注入失败，后续会添加字节码 Web 工具进行这块的处理）</li> <li>简化 Tomcat AgentInjector 的代码</li> <li>前端 module 分包减少单个 js 体积，加快首次加载速度</li> <li>移除 memshell-party-bom 模块，改用 gradle/libs.versions.toml，参考：<a href="https://docs.gradle.org/current/userguide/best_practices_dependencies.html#use_version_catalogs" rel="nofollow">Use Version Catalogs to Centralize Dependency Versions</a></li> <li>使用 build-logic 替代 buildSrc，加快构建速度，参考：<a href="https://docs.gradle.org/current/userguide/best_practices_general.html#favor_composite_builds" rel="nofollow">Favor build-logic Composite Builds for Build Logic</a></li> <li>从 generator 模块中分离 payload 生成代码并合并 deserialize 模块为 packer 模块</li> <li>使用 i18 扁平化 key，并使用 namespace 区分 MemShell 和 ProbeShell 的字段，参考：<a href="https://github.com/RSSNext/Folo/blob/dev/locales/common/zh-CN.json">RSSNext/Folo/zh-CN.json</a></li> <li>升级 gradle-maven-publish-plugin 插件版本，简化打包指令</li> <li>统一生成内存马类过程中抛出异常为 GenerationException，并单独设置 GlobalExceptionHandler</li> </ul> <p><strong>Full Changelog:</strong> <a href="https://github.com/ReaJason/MemShellParty/compare/v1.10.0...v2.0.0">v1.10.0...v2.0.0</a></p> <h2>更新方式</h2> <h3>Docker 部署</h3> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="docker rm -f memshell-party docker run --pull=always --rm -it -d -p 8080:8080 --name memshell-party reajason/memshell-party:latest"><pre>docker rm -f memshell-party docker run --pull=always --rm -it -d -p 8080:8080 --name memshell-party reajason/memshell-party:latest</pre></div> <h3>Jar 包启动</h3> <blockquote> <p>仅支持 JDK17 及以上版本</p> </blockquote> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="java -jar --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime=ALL-UNNAMED boot-2.0.0.jar"><pre>java -jar --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime=ALL-UNNAMED boot-2.0.0.jar</pre></div> github-actions[bot] tag:github.com,2008:Repository/850550932/v1.10.0 2025-06-07T11:59:18Z <h3>Added</h3> <ul> <li>添加新的 JSP 打包方式（直接使用 defineClass 进行注入）(by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/zema1/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://github.com/zema1">@zema1</a> <a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="3102002244" data-permission-text="Title is private" data-url="https://github.com/ReaJason/MemShellParty/issues/67" data-hovercard-type="issue" data-hovercard-url="/ReaJason/MemShellParty/issues/67/hovercard" href="https://github.com/ReaJason/MemShellParty/issues/67">#67</a>)</li> <li>支持 Tomcat 和 JBossAS ProxyValve 内存马（通过动态代理将 StandardPipeline 的第一个 valve 进行包装注入自定义逻辑）</li> </ul> <h3>Fixed</h3> <ul> <li>修复哥斯拉无法使用最新版连接</li> <li>修复 TongWeb8 Valve 未适配</li> <li>修复移动端 UI 输入框 placeholder 字体过大</li> <li>修复移动端 UI 类名复制按钮超出卡片范围</li> </ul> <h3>Changed</h3> <ul> <li>修改 Valve 和 Listener 字节码修改时机，改为生成时再进行修改，方便自定义内存马生成，参考文档：<a href="https://github.com/ReaJason/MemShellParty/blob/master/docs/WriteCustomShell.md">如何使用自定义内存马功能</a></li> <li>合并 memshell 与 memshell-jdk8 模块，方便维护</li> <li>UI 使用新的 shadcn/ui 提供的 Zinc 主题配置</li> <li>将所有 Shell 捕获异常从 Exception 改为 Throwable</li> <li>简化 Shell base64 方法代码</li> <li>Gradle 更新至 8.14.2</li> <li>参考 <a href="https://docs.gradle.org/current/userguide/best_practices_general.html" rel="nofollow">General Gradle Best Practices</a>，将构建脚本改为<br> Kotlin DSL</li> </ul> <p><strong>Full Changelog:</strong> <a href="https://github.com/ReaJason/MemShellParty/compare/v1.9.0...v1.10.0">v1.9.0...v1.10.0</a></p> <h2>更新方式</h2> <h3>Docker 部署</h3> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="docker rm -f memshell-party docker run --pull=always --rm -it -d -p 8080:8080 --name memshell-party reajason/memshell-party:latest"><pre>docker rm -f memshell-party docker run --pull=always --rm -it -d -p 8080:8080 --name memshell-party reajason/memshell-party:latest</pre></div> <h3>Jar 包启动</h3> <blockquote> <p>仅支持 JDK17 及以上版本</p> </blockquote> <div class="highlight highlight-source-shell notranslate position-relative overflow-auto" data-snippet-clipboard-copy-content="java -jar --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime=ALL-UNNAMED boot-1.10.0.jar"><pre>java -jar --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.trax=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xalan.internal.xsltc.runtime=ALL-UNNAMED boot-1.10.0.jar</pre></div> github-actions[bot]